Scribd Logo
Upload

Welcome to Scribd!

  • 25 views

    Chat Transcript 30 Jan 2023

    Uploaded by

    Bi Lal
    1) The customer was receiving bulk undelivered emails to their info@flair.com.pk email address. 2) The support agent analyzed the email headers and determined that the email account had likely been hacked. 3) The agent advised the customer to change the passwords for the email account and cPanel account, and enable two-factor authentication on the cPanel to prevent future hacking attempts.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    Chat Transcript 30 Jan 2023

    Uploaded by

    Bi Lal
    25 views3 pages
    1) The customer was receiving bulk undelivered emails to their info@flair.com.pk email address. 2) The support agent analyzed the email headers and determined that the email account had likely been hacked. 3) The agent advised the customer to change the passwords for the email account and cPanel account, and enable two-factor authentication on the cPanel to prevent future hacking attempts.

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    1) The customer was receiving bulk undelivered emails to their info@flair.com.pk email address. 2) The support agent analyzed the email headers and determined that the email account had likely been hacked. 3) The agent advised the customer to change the passwords for the email account and cPanel account, and enable two-factor authentication on the cPanel to prevent future hacking attempts.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    25 views3 pages

    Chat Transcript 30 Jan 2023

    Uploaded by

    Bi Lal
    1) The customer was receiving bulk undelivered emails to their info@flair.com.pk email address. 2) The support agent analyzed the email headers and determined that the email account had likely been hacked. 3) The agent advised the customer to change the passwords for the email account and cPanel account, and enable two-factor authentication on the cPanel to prevent future hacking attempts.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    You are on page 1of 3

    Engagement NC-CB-9400 Chat Transcript - Namecheap

    Time Zone - GMT (UTC +00) 30 January, 2023

    [05:13:18] Flair Travel : hy

    hosting

    [05:15:14] [Sofiia Marchenko joined the chat]

    [05:15:16] Flair Travel : hyw

    [05:15:23] Sofiia Marchenko : Hello, you've contacted Live Support! How may I help you today?

    [05:15:25] Flair Travel : we are facing issue regarding emails

    [05:15:32] Flair Travel : our domain is flair.com.pk

    [05:15:54] Flair Travel : we recieve bulk undeleiverd emails on info@flair.com.pk

    [05:16:22] Flair Travel :


    [Screenshot 2023-01-30 101609.png]

    [05:16:25] Sofiia Marchenko : Please allow me 5 minutes to check it.

    [05:19:12] Sofiia Marchenko : Now that I have collected more details, please let me transfer our chat session to the representative who will assist you
    better with your particular request.

    [05:20:11] [Denys Sebii joined the chat]

    [05:20:11] [Sofiia Marchenko left the chat]

    [05:20:37] Denys Sebii : Hello! My name is Denys, and I will assist you further. Please allow me about 5-10 minutes to review your previous conversation,
    the necessary details, and look into your request.

    [05:20:41] Flair Travel : oka

    [05:27:02] Denys Sebii : Please provide me with a full email header of your bounce-back error.
    You can check how to do it here: https://www.namecheap.com/support/knowledgebase/article.aspx/858/2194/how-to-get-email-headers/

    [05:30:10] Flair Travel :


    [Screenshot 2023-01-30 102958.png]

    [05:30:23] Flair Travel : recieve bulk emails on info@flair.com.pk

    [05:33:32] Denys Sebii : Please copy all the text and paste it to chat.

    [05:33:42] Flair Travel : ok

    [05:33:57] Flair Travel : Return-Path: <>


    Delivered-To: info@flair.com.pk
    Received: from business82.web-hosting.com
    by business82.web-hosting.com with LMTP
    id oMUFCCNN12OJax4ATVF21w
    (envelope-from <>)
    for <info@flair.com.pk>; Sun, 29 Jan 2023 23:52:51 -0500
    Return-path: <>
    Envelope-to: info@flair.com.pk
    Delivery-date: Sun, 29 Jan 2023 23:52:51 -0500
    Received: from mailnull by business82.web-hosting.com with local (Exim 4.95)
    id 1pMM9y-008Nb3-VA
    for info@flair.com.pk;
    Sun, 29 Jan 2023 23:52:50 -0500
    X-Failed-Recipients: rubirose@o2.pl,
    ruda_paskuda@onet.pl
    Auto-Submitted: auto-replied
    From: Mail Delivery System <Mailer-Daemon@business82.web-hosting.com>
    To: info@flair.com.pk
    References: <E1pMM9N-008Lqp-LQ@business82.web-hosting.com>
    Content-Type: multipart/report; report-type=delivery-status; boundary=1675054370-eximdsn-350344877
    MIME-Version: 1.0
    Subject: Mail delivery failed: returning message to sender
    Message-Id: <E1pMM9y-008Nb3-VA@business82.web-hosting.com>
    Date: Sun, 29 Jan 2023 23:52:50 -0500

    --1675054370-eximdsn-350344877
    Content-type: text/plain; charset=us-ascii

    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    P age 1 of 3
    rubirose@o2.pl
    host mx.tlen.pl [193.222.135.150]
    SMTP error from remote mail server after end of data:
    554 (#5.3.0) Nie przyjmiemy tej wiadomosci poniewaz jest to spam - zobacz strone:
    http://poczta.wp.pl/info-antyspam-polityka.html / We can't accept this message because it is spam - see:
    http://poczta.wp.pl/info-antyspam-policy.html [127]
    ruda_paskuda@onet.pl
    host mx.poczta.onet.pl [213.180.147.146]
    SMTP error from remote mail server after RCPT TO:<ruda_paskuda@onet.pl>:
    550 5.1.1 <ruda_paskuda@onet.pl>: Recipient address rejected:
    User unknown

    --1675054370-eximdsn-350344877
    Content-type: message/delivery-status

    Reporting-MTA: dns; business82.web-hosting.com

    Action: failed
    Final-Recipient: rfc822;ruda_paskuda@onet.pl
    Status: 5.0.0
    Remote-MTA: dns; mx.poczta.onet.pl
    Diagnostic-Code: smtp; 550 5.1.1 <ruda_paskuda@onet.pl>: Recipient address rejected: User unknown

    Action: failed
    Final-Recipient: rfc822;rubirose@o2.pl
    Status: 5.0.0
    Remote-MTA: dns; mx.tlen.pl
    Diagnostic-Code: smtp; 554 (#5.3.0) Nie przyjmiemy tej wiadomosci poniewaz jest to spam - zobacz strone: http://poczta.wp.pl/info-antyspam-
    polityka.html / We can't accept this message because it is spam - see: http://poczta.wp.pl/info-antyspam-policy.html [127]

    --1675054370-eximdsn-350344877
    Content-type: message/rfc822

    Return-path: <info@flair.com.pk>
    Received: from [183.88.232.138] (port=62544 helo=mail.flair.com.pk)
    by business82.web-hosting.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    (Exim 4.95)
    (envelope-from <info@flair.com.pk>)
    id 1pMM9N-008Lqp-LQ;
    Sun, 29 Jan 2023 23:52:18 -0500
    X-Cm-Message-Id:
    1675054334bd9b8be91af9398b5d12c011055072d0e0272d7366f7c032cc71e0e784f24
    X-Cm-Draft-Id: WyJhIiwyLCJkcmFmdF9pZCIsMTY3NTA1NDMzNDg5MSwidiIsMV0=
    MIME-Version: 1.0
    Content-Type: text/html; charset=UTF-8
    Subject: =?UTF-8?Q?=EF=BB=BF?=
    To: "rubirose" <rubirose@o2.pl>, "ruda paskuda" <ruda_paskuda@onet.pl>,
    "rumianek50" <rumianek50@interia.pl>, "run" <run@psiphon3.com>,
    "rybka177" <rybka177@interia.pl>
    Date: Mon, 30 Jan 2023 00:52:14 -0400
    From: "flowmoje" <info@flair.com.pk>
    X-Cm-Tracking-Code:
    2.0/1675054334/b3a546451490afd02b979437753bf2dd/2/299ebc327fa97d03318dda1efc29a278/450fda0d125b1e173a49b9ebc21fea67/a1d
    5d39e9cf1cc27ddf3f10f533d4dea
    X-Mailer: Newton
    Content-Transfer-Encoding: quoted-printable
    Message-Id: <E1pMM9N-008Lqp-LQ@business82.web-hosting.com>

    <a href=
    =3D" https://x1y0g.app.link/yVTJoiBrPwb&quot ;> https://x1y0g.app.link/yVTJoiBrPwb&lt ;/=
    a>

    --1675054370-eximdsn-350344877--

    [05:34:41] Flair Travel :


    [Screenshot 2023-01-30 103424.png]

    [05:37:35] Denys Sebii : Thank you. Can I access your info@flair.com.pk account via cPanel account?

    [05:37:51] Flair Travel : yes sure

    [05:40:42] Denys Sebii : Thank you. Please give me 10-12 minutes for an investigation.

    [05:40:51] Flair Travel : sure

    [05:53:43] Denys Sebii : Do I understand correctly, that you are not sending those emails, it is spam, right?

    [05:54:04] Flair Travel : yes we are not sending these email

    [05:54:11] Flair Travel : its spam

    [05:54:20] Flair Travel : i dont know why we recieve these emails

    [05:55:14] Denys Sebii : According to my check, the email account most likely is hacked.

    P age 2 of 3
    Those emails are being sent from Android mobile client:

    User-Agent: K-9 Mail for Android

    Message-ID: <c28007fa-7a7b-457a-bcb5-8190e6c51203@email.android.com>
    X-Android-Message-ID:
    <c28007fa-7a7b-457a-bcb5-8190e6c51203@email.android.com>

    I would suggest changing the email account passwords and your cPanel account password as well.
    Also, feel free to set up the 2FA for your cPanel account.

    [05:55:34] Flair Travel : ok

    [05:55:46] Denys Sebii : If you have other questions, I’ll be happy to help.

    [05:56:01] Flair Travel : No

    [05:57:31] Denys Sebii : It was a pleasure to help you! In order to rate the provided assistance, you may close the chat and press the “Stay on page”
    button to fill out the survey. Thank you!

    Thank you for contacting Namecheap Live Support! Have a nice one, goodbye.

    [05:57:41] [Thank you for your feedback]

    P age 3 of 3

    You might also like